package com.codeyang.config;

import cn.hutool.core.io.FileUtil;
import cn.hutool.core.io.IORuntimeException;
import cn.hutool.core.io.resource.ClassPathResource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

import java.nio.charset.Charset;

/**
 * 描述: 资源服务器配置
 * token的解析
 * 因为每个模块都依赖 common 同意解析token
 *
 * @author CodeYang_Site
 * @version 2021/5/22 21:29
 */
@Configuration
//开启资源解析 owth+se的改动配置
@EnableResourceServer
//开启方法级别的权限校验
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    /**
     * 存储token
     *
     * @return
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * jwt的访问消息转换器
     * 设置公钥
     *
     * @return
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        //获取公钥
        ClassPathResource resource = new ClassPathResource("publicKey.txt");
        String publicKey = null;
        try {
            publicKey = FileUtil.readString(resource.getFile(), Charset.defaultCharset());
        } catch (IORuntimeException e) {
            e.printStackTrace();
        }
        //设置公钥
        jwtAccessTokenConverter.setVerifierKey(publicKey);
        return jwtAccessTokenConverter;
    }

    /**
     * 资源服务器的配置
     *
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenStore(tokenStore());
    }

    /**
     * 控制http的配置
     *
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {


        http.csrf()
                .disable();
        http.sessionManagement()
                .disable();
        http.authorizeRequests()
                //放行  actuator swagger druid
                .antMatchers(
                        "/v2/api-docs",
                        "/v3/api-docs",
                        "/swagger-resources/configuration/ui",   //用来获取支持的动作
                        "/swagger-resources",                    //用来获取api-docs的URI
                        "/swagger-resources/configuration/security", //安全选项
                        "/webjars/**",
                        "/swagger-ui/**",
                        "/druid/**",
                        "/actuator/**",
                        "/payNotify/**" // 放行支付宝回调的接口
                ).permitAll();
        //放行  actuator swagger druid
//                .antMatchers(
//                        URLConfig.getAllowList()
//                ).permitAll();
        http.authorizeRequests()
                .anyRequest()
                .authenticated();
    }
}
